A couple of other things here.
1) Know the security aspects on the XP O/S. You should take note on using the Everyone Group account that you can put on the FTP folder via the XP /S -- NOT -- what's happening with the FTP server setup for user-id's. You can give the Everyone Group account *full access rights* on the FTP folder through the O/S. By using the Everygroup Group account on the folder, it's an account the XP O/S already as established in it's internal setup, which will allow user-id that has been setup or not setup through the O/S to access it, as it doesn't care. It's open to *Everyone*. It's an open check book when NTFS is being used. You can use the Everyone Group account on the folder and remove it and use individual user-id/accounts on the folder when you get the hang of things on O/S setup.2) Reduce the risk of the NT based O/S that's being exposed to the Internet for whatever reason it's being exposed as much as possible such as service like the FTP server that's being exposed. Otherwise, the machine is just
*hack bait* setting there. And it's more to it than what's in the link below when exposing services on the NT based O/S that the XP O/S must be secured or harden to attack. There are articles out there on the Internet and books on the security aspects as to what can been done.4) Close the ports for know and not port forward them until such time you have everything setup and working properly and some type of security has been applied to the XP O/S as much as possible as 're just *hack bait* otherwise, because if the O/S, registry, file system, user accounts and the service itself like IIS or your FTP server is not secure, then nothing on the machine is secure.
Duane :)